Autotrace is a program for converting bitmaps to vector graphics. It had a bug that caused an out-of-bounds write. This was caused by not allocating sufficient memory to store the terminating NULL pointer in an array.
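The allocation pattern behind this class of bug, as an added example that is not autotrace's code: a NULL-terminated pointer array needs `count + 1` slots, and the size arithmetic must not wrap. The function names `make_list`, `list_length` and `free_list` and the sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative helpers; the names are assumptions, not autotrace functions. */
void free_list(char **list)
{
    if (list == NULL) return;
    for (size_t i = 0; list[i] != NULL; i++) free(list[i]);
    free(list);
}

size_t list_length(char *const *list)
{
    size_t n = 0;
    while (list[n] != NULL) n++;   /* needs an in-bounds terminator */
    return n;
}

/* Copy `count` strings into a NULL-terminated pointer array. Flawed pattern:
 * malloc(count * sizeof *list), then list[count] = NULL, one slot past the end. */
char **make_list(const char *const *items, size_t count)
{
    /* Reject counts where count + 1 or the byte size would wrap around. */
    if (count > SIZE_MAX / sizeof(char *) - 1) return NULL;
    /* count + 1 slots; calloc zeroes them (NULL on mainstream ABIs), so the
     * array stays terminated and free_list() is safe on a partial failure. */
    char **list = calloc(count + 1, sizeof *list);
    if (list == NULL) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(items[i]) + 1;
        if ((list[i] = malloc(len)) == NULL) {
            free_list(list);
            return NULL;
        }
        memcpy(list[i], items[i], len);
    }
    return list;
}

int main(void)
{
    const char *sample[] = { "in.bmp", "out.svg" };   /* constructed input */
    char **list = make_list(sample, 2);
    printf("%zu entries\n", list ? list_length(list) : (size_t)0);
    free_list(list);
    return 0;
}
```

Building a test of this kind with AddressSanitizer (`-fsanitize=address`) reports the one-slot overrun immediately if the `+ 1` is dropped.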

For Debian 7 "Wheezy", this problem has been fixed in version 0.31.1-16+deb7u1.

We recommend that you upgrade your autotrace packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Dawid Golunski from legalhackers.com discovered that Debian's version of Tomcat 6 was vulnerable to a local privilege escalation. Local attackers who have gained access to the server in the context of the tomcat6 user through a vulnerability in a web application were able to replace the file with a symlink to an arbitrary file.

Dawid Golunski from legalhackers.com discovered that Debian's version of Tomcat 7 was vulnerable to a local privilege escalation. Local attackers who have gained access to the server in the context of the tomcat7 user through a vulnerability in a web application were able to replace the file with a symlink to an arbitrary file.

In addition, this security update also fixes Debian bug #821391. File ownership in /etc/tomcat7 will no longer be unconditionally overridden on upgrade. As another precaution, the file permissions of Debian-specific configuration files in /etc/tomcat7 were changed to 640 to disallow world-readable access.

For Debian 7 "Wheezy", these problems have been fixed in version 7.0.28-4+deb7u6.

We recommend that you upgrade your tomcat7 packages.
